RaceCarDriverGuy Posted June 15, 2008 Share Posted June 15, 2008 If I have a string that starts out: $name = $HTTP_POST_VARS['name']; Then, to make sure data is entered I use: if (strlen($name == 0 ) Does this work? and if it does, what do I do if my string is: fputs($out,"$_POST[name]\n"); How do I make sure data is entered? Quote Link to comment https://forums.phpfreaks.com/topic/110254-reigning-in-my-php-script-for-completeness-and-security/ Share on other sites More sharing options...
hansford Posted June 15, 2008 Share Posted June 15, 2008 well you could let client side scripting validate all of this before wasting the servers resourses. If you let php do this then $HTTP_POST_VARS is depreciated use $_POST instead. If you're wanting to just check that the field isn't empty, then.. <?php if(strlen($name)){ } ?> Quote Link to comment https://forums.phpfreaks.com/topic/110254-reigning-in-my-php-script-for-completeness-and-security/#findComment-565746 Share on other sites More sharing options...
RaceCarDriverGuy Posted June 15, 2008 Author Share Posted June 15, 2008 So my syntax would be: <?php fputs($out,"$_POST[name]\n"); if(strlen($name)){ echo "It would appear that you have not put your name in the Name Field. Please use the Back Button to return to the form and put your name in that field. Thank you!"; exit; } ?> It appears I might be confusing MAILTO security tags with having a server-side txt file to capture(which is what I'm using now). I don't want to completely change what works for me now. I'm just trying to have text fields filled out that matter and add limiting args so it limits injection on my page. Just seems safer to me working from the PHP side... Quote Link to comment https://forums.phpfreaks.com/topic/110254-reigning-in-my-php-script-for-completeness-and-security/#findComment-565807 Share on other sites More sharing options...
hansford Posted June 15, 2008 Share Posted June 15, 2008 I don't understand what you're doing with fputs - are you writing to a text file before validating the form input? I was thinking that you were getting input from a form and you wanted to check if there was actual information entered into that field. please clarify what you are trying to do. Quote Link to comment https://forums.phpfreaks.com/topic/110254-reigning-in-my-php-script-for-completeness-and-security/#findComment-565871 Share on other sites More sharing options...
RaceCarDriverGuy Posted June 15, 2008 Author Share Posted June 15, 2008 Sorry, let me post what I have so far. And yes it's just basic at this point which is why i'm trying to beef it up. <HTML> <HEAD> <TITLE> Register </TITLE> </HEAD> <BODY> <?php $out = fopen("register.txt", "a"); if (!$out) { print("server is down, please try later"); exit; } fputs($out,"$_POST[name]\n"); print("Thank You!"); fclose($out); ?> </BODY> </HTML> As it is, this sends the name field to register.txt on the server side and appends to it every time it's sent. I'd like to "require" this field to be filled out so I don't get a bunch of blanks and put some limiting args so I don't get injected. Quote Link to comment https://forums.phpfreaks.com/topic/110254-reigning-in-my-php-script-for-completeness-and-security/#findComment-565967 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.